What is claimed is: 

1. A network system for switching security associations comprising:
a first, a second, and a third network device; 

a first secure communication between the first and second network devices, the first
secure communication having a security association and a pre-defined sequence number limit
less than a maximum sequence number; and

a second secure communication between the first and third network devices, the second
secure communication having the same security association as the first secure communication,
the second secure communication also having an initial sequence number greater than the
pre-defined sequence number limit.

2. The network system of claim 1 further comprising a fourth network device having
security information corresponding to the security association, the fourth network device capable
of passing the security information from the first network device to the third network device.

3. The network system of claim 2 wherein the security information comprises at least a
security parameter index.

4. The network system of claim 2 wherein the fourth network device is a redundancy
handler.



5. The network system of claim 2 wherein the fourth network device is a router.

6. The network system of claim 2 wherein the fourth network device is a media gateway
controller, and the first and third network devices are media gateways.



7. The network system of claim 1 wherein the first and second network devices are blades.



8. The network system of claim 1 wherein the first network device is an active network 
device, and the third network device is a standby network device. 



9. The network system of claim 1 wherein the second secure communication replaces the
first secure communication when the first secure communication fails.



10. The network system of claim 1 wherein replay prevention is enabled for both the first and 
second secure communications. 



11. A network system for switching security associations comprising: 
a first, a second, and a third network device; 

a first secure communication between the first and second network devices, the first
secure communication having a security association and a pre-defined sequence number limit
less than a maximum sequence number;

a second secure communication between the first and third network devices, the second
secure communication having the same security association as the first secure communication,
the second secure communication also having an initial sequence number greater than the
pre-defined sequence number limit; and

a fourth network device having security information corresponding to the security
association, the fourth network device capable of passing the security information from the first
network device to the third network device;

wherein replay prevention is enabled for both the first and second secure 
communications. 

12. The network system of claim 11 wherein the second secure communication replaces the
first secure communication when the first secure communication fails.

13. The network system of claim 11 wherein the first and second secure communications are
voice calls.

14. The network system of claim 11 wherein the security information comprises at least a
security parameter index.



15. A method for switching security associations between network devices, the method 
comprising the steps of: 

establishing a first communication between a first network device and a second network
device;

negotiating a security association for the first communication;

using a pre-defined sequence number limit less than a maximum sequence number for the
first communication;

replacing the first communication with a second communication between the first
network device and a third network device;

implementing the same security association for the second communication as the first
communication; and

using an initial sequence number greater than the pre-defined sequence number limit for 
the second communication. 

16. The method of claim 15 further comprising the step of passing security information
corresponding to the security association from the first network device to the third network
device.

17. The method of claim 16 further comprising the step of providing at least a security
parameter index for the security information.

18. The method of claim 16 further comprising the step of storing the security information in 
a fourth network device. 

19. The method of claim 15 further comprising the step of replacing the first communication
with the second communication when the first communication fails.

McDONNELL BOEHNEN 
HULBERT & BERGHOFF 
300 SOUTH WACKER DRIVE 

CHICAGO, ILLINOIS 60606 
TELEPHONE (312) 913-0001 



20. The method of claim 15 further comprising the step of enabling replay prevention for 
both the first and second communications. 



21. The method of claim 15 further comprising the step of providing voice calls for the first
and second communications.

22. The method of claim 15 further comprising the step of providing blades for the first, 
second, and third network devices. 

23. A method for switching security associations between network devices, the method
comprising the steps of:

establishing a first communication between a first network device and a second network
device;

negotiating a security association for the first communication;

using a pre-defined sequence number limit less than a maximum sequence number for the
first communication;

replacing the first communication with a second communication between the first 
network device and a third network device; 

passing security information corresponding to the security association from the first
network device to the third network device;

implementing the same security association for the second communication as the first
communication;

using an initial sequence number greater than the pre-defined sequence number limit for
the second communication.



24. The method of claim 23 further comprising the step of providing at least a security
parameter index for the security information.

25. The method of claim 23 further comprising the step of replacing the first communication
with the second communication when the first communication fails.

26. The method of claim 23 further comprising the step of enabling replay prevention for
both the first and second communications.

27. The method of claim 23 further comprising the step of storing the security information in
a fourth network device.
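
A sketch of the handover recited in claims 15 and 20, added here as an illustration and not taken from the patent: the remaining peer keeps a sliding-window replay check, the failed device was capped at the sequence number limit, and the replacement device reuses the same security association with a counter that starts above that limit. The 32-bit counter, the limit of 2^31, the 64-packet window, the SPI value and all class and function names are assumptions.

```python
MAX_SEQ = 2**32 - 1   # maximum sequence number (32-bit counter, assumed)
SEQ_LIMIT = 2**31     # pre-defined limit below the maximum (assumed value)
WINDOW = 64           # receiver's anti-replay window size (assumed)

class ReplayWindow:
    """Sliding-window replay check kept by the peer for one security association."""
    def __init__(self):
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means (top - i) was already accepted

    def accept(self, seq):
        if not 1 <= seq <= MAX_SEQ:
            return False
        if seq > self.top:
            shift = seq - self.top
            # A jump wider than the window clears the window's history.
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & (2**WINDOW - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False  # too old, or a duplicate
        self.bitmap |= 1 << offset
        return True

class Sender:
    """Outbound side of the SA; refuses to send outside its sequence range."""
    def __init__(self, spi, first_seq, last_seq):
        self.spi, self.next_seq, self.last_seq = spi, first_seq, last_seq

    def send(self):
        if self.next_seq > self.last_seq:
            raise OverflowError("sequence range exhausted")
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        return self.spi, seq

def failover(standby_initial_seq, sent_before_failure=1000):
    """Return the peer's accept/drop verdicts for the standby's first 3 packets."""
    spi = 0x1001                               # constructed SPI value
    peer = ReplayWindow()
    active = Sender(spi, 1, SEQ_LIMIT)         # active device is capped at the limit
    for _ in range(sent_before_failure):
        peer.accept(active.send()[1])
    # The standby receives only the SPI; it never learns the active's last counter.
    standby = Sender(spi, standby_initial_seq, MAX_SEQ)
    return [peer.accept(standby.send()[1]) for _ in range(3)]

if __name__ == "__main__":
    print(failover(SEQ_LIMIT + 1))  # counter starts above the limit
    print(failover(1))              # counter restarts from 1
```

With the counter starting above the limit, the peer accepts the replacement device's packets without knowing how far the failed device had counted; a counter restarted from 1 falls behind the peer's window and every packet is dropped as a replay.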
